Comment Re:On the value of obscurity vs. security (Score 1) 299
Store the sha1 hash of the password. Then, when the user inputs "open sesame", compare sha1("open sesame") to the stored hash. If they're the same, assume the user input the right password. (Other cryptographic hash functions will do, and you probably want to add salt, but that's the basic idea.)
Well yes, true, that's the basic idea. But as you probably also know, if you really want a secure system there's a lot more to it than just storing a hash along with a salt.
You'll now need to protect the storage where you keep your hashes, to prevent the evildoer from overwriting your hash with a value of his own choosing.
You'll also need to protect the code accessing the storage, as well as every piece of code along the path, to ensure that the evildoer doesn't shortcut the authentication.
It doesn't exactly make your life any easier that we're talking about Windows 95 here. All jokes aside, I sincerely doubt that this would even be possible without a complete rewrite of the OS.
But yes, if you are on a system that gives you all that you need for free without adding to the complexity of your code, then by all means, go for the secure solution.
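An added example, not part of the original comment: the salted-hash check from the quoted text, plus one way to detect a stored hash that has been overwritten, by tagging each record with an HMAC. It uses PBKDF2-HMAC-SHA256 in place of bare sha1; the record layout, function names and the integrity key kept outside the password store are assumptions made for the illustration. It does not address the second point, protecting the code path that performs the check.

```python
import hashlib
import hmac
import os

# Assumption: this key is held somewhere that a writer of the password
# store cannot reach. It is generated here only for the demo.
INTEGRITY_KEY = os.urandom(32)
ITERATIONS = 200_000


def _derive(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation instead of a single sha1 call.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def _tag(user: str, salt: bytes, digest: bytes, key: bytes) -> bytes:
    # Bind the tag to the user name so one user's record cannot be
    # copied over another's. Salt and digest have fixed lengths.
    msg = user.encode("utf-8") + b"\x00" + salt + digest
    return hmac.new(key, msg, hashlib.sha256).digest()


def make_record(user: str, password: str, key: bytes = INTEGRITY_KEY) -> dict:
    salt = os.urandom(16)
    digest = _derive(password, salt)
    return {"user": user, "salt": salt, "digest": digest,
            "tag": _tag(user, salt, digest, key)}


def verify(record: dict, password: str, key: bytes = INTEGRITY_KEY) -> str:
    """Return 'ok', 'bad-password' or 'tampered'."""
    expected = _tag(record["user"], record["salt"], record["digest"], key)
    if not hmac.compare_digest(expected, record["tag"]):
        return "tampered"  # stored hash or salt was changed without the key
    candidate = _derive(password, record["salt"])
    return "ok" if hmac.compare_digest(candidate, record["digest"]) else "bad-password"


def demo() -> list:
    record = make_record("alice", "open sesame")  # constructed sample data
    results = [verify(record, "open sesame"), verify(record, "guess")]
    # A record whose hash was replaced in storage by a value of someone's choosing.
    forged = dict(record, digest=_derive("chosen-by-writer", record["salt"]))
    results.append(verify(forged, "chosen-by-writer"))
    return results


if __name__ == "__main__":
    print(demo())
```

The tag only moves the problem: the integrity key and the verification code still have to sit somewhere the storage writer cannot modify.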